MPU Meeting Wednesday 22nd April 2020

Profile Security

Nothing happened.

DICE Ubuntu Platform

Stephen has been working on adding support for Ubuntu to the pkglist-tools scripts. In particular, the build_package_lists script can now generate updates package list file for Ubuntu. The Ubuntu repository has 4 components - main, universe, multiverse and restricted. There are also 4 types of updates - security, updates, proposed and backports. The new script can be configured to generate updates lists for any combination of components and types of updates. The plan is that by default we will generate a list of security and updates packages for all 4 components. When we need packages from proposed or backports they would be manually added to the usual override packages file.

Generating the updates lists provided lots of useful test cases for the new LCFG package specification support in the LCFG core libraries. A few minor issues have been discovered and resolved.

Stephen is now working on the aptly package repository management software. This is to replace the previous reprepro software which cannot cope with multiple versions of a package in a repository. He has created an LCFG component, firstly he is working on support for mirroring remote/upstream repositories, once that is done he will move onto local repository management.

Alastair has been investigating the netplan tool. He has got bonding working with dhcp. He is now working on PXE installs on his home network and is planning to start looking at the LCFG preseed support.

Stephen is going to write a project plan, based on the trello board, and produce milestones. He suggested that Alastair could help with a basic postfix mail server config, and the graphical environment (e.g. lightdm, xscreensaver).

User Security Training Materials

Alastair and Chris had a meeting to discuss the project and Chris is now finalising the fine details of what will be covered. Chris has gathered more useful responses from COs for his ThoughtsOn403, he is working on revised milestones for the project plan.

Misc Development

Not much happened.

Operational

XRDP servers

It seems that mate-screensaver sometimes causes problems by taking a long time for the login box to appear. We originally chose mate-screensaver for this service so that users could configure it differently from their normal desktop environment which uses xscreensaver. That's no longer really a requirement so we could switch everyone to using xscreensaver for XRDP. We already do this for XRDP to user's desktops and it works just fine.

KVM server reboots

Chris has rebooted clavichord, harpsichord and azul to upgrade their kernels. Note that they still appear in the server reboot list as they require firmware upgrades.

KVM guests at KB

MPUclavichordDetails and MPUharpsichordDetails now mention which VMs would be sacrificial in a crisis. This would allow us to quickly make space for important DR services. Also a number of VMs which were no longer required were removed.

kernel reboots

Stephen will send out another reminder to COs about machine running old kernels.

dsu crashing

Dell have updated one of the packages which are installed by dsu with yum. This appears to have fixed the issue with dsu crashing on some hardware.

SL7.8

This has now been released and the deluge of backported security updates for 7.6 has begun. Stephen will hold back all the updates through the usual testupdates mechanism so that there is an extended testing period before they reach stable machines.

LCFG DR at KB

Chris will bring up an LCFG slave as a VM at KB and make it use the LCFG DR server, salamanca, as the data source. If that all works fine then we can think about promoting salamanca to be the LCFG master.

MPU server resilience

Notes are at MPUServersResilience. Stephen suggested keeping the packages master in the Forum. If we lose that server we can easily switch the package cache servers over to using the static copy on the DR service. The critical issue is keeping the LCFG service alive which should be mostly reliant on the LCFG master.

-- StephenQuinney - 23 Apr 2020